Microsoft Azure – Virtual Network

 Whenever an organization moves from on-premises to a cloud-like Azure, they require the same networking functionality as they had in on-premises deployment with some level of network isolation. Azure provides different networking components to carry out these functionalities and services. One of them is the Azure virtual network (VNet).

 

What is Azure Virtual Network?

It is a representation of the on-premises network on the cloud. It helps us logically isolate the Azure cloud network dedicated to our subscription. It helps us to manage and provision virtual private networks in Azure, link the virtual networks with other virtual networks in Azure, or with on-premises IT infrastructure and networks that help us create hybrid or cross-premises solutions. 

Each virtual network we create has its own CIDR block and can be linked with other virtual and on-premises networks of the CIDR blocks that do not overlap. We also have control of  DNS server settings and segmentation of the virtual networks into the subnets.

 

 

How Does Virtual Networking Work?

 

Virtual networking is used to make a connection between resources and services within the Azure cloud environment. Virtual networking is like an isolated environment Like It can offer capabilities like private IP address space, network security groups, and routing tables apart from your on-premises network.

 

How Virtual Network Works in Azure:

1. Virtual Networks: Virtual network is a logically isolated network where we maintain our VMs and other resources.
2. Subnets: Subnets are part of a virtual network where we can group all of them based on our requirements like functionality, Security and based on other requirements. With the subnets, we can control the incoming traffic to our application. 
3. Routing: Routing is used to direct the traffic between virtual machines and resources placed in a virtual network.
4. VPN and Express Route: We connect to a virtual network in Azure from on-premises in two ways by using VPN. for secure connection or we can use Express route for dedicated private connection.

You can build a flexible, scalable, and secure cloud architecture in Azure that is tailored to your company’s needs by leveraging virtual networking.

 

Examples of Virtual Networking

 

A virtual network is a fundamental component of Azure Cloud that provides flexibility, scalability, and secure network connectivity. Some of them are mentioned below

1. Azure Load Balancer: The load balancer can distribute the traffic across multiple virtual machines in a virtual network. To distribute traffic to various apps or microservices, the load balancer and Azure Application Gateway can function together.
2. Azure VPN Gateway: A virtual device called Azure VPN Gateway offers a safe connection between your on-premises network and an Azure Virtual Network. A secure tunnel is built between the on-premises network and the Azure Virtual Network using VPN Gateway and the IPSec protocol.
3. Azure ExpressRoute: With the help of ExpressRoute we can establish a dedicated, private connection between on-premises infrastructure and Azure virtual network. ExpressRoute routes public traffic faster and more securely.
4. Azure Firewall: A virtual firewall called Azure Firewall gives resources inside an Azure Virtual Network security. In accordance with application- and network-level policies, Azure Firewall is able to examine and filter traffic.

 

Usage of Virtual Networks 

 

Virtual networks help us in many ways. Some of its use cases are as follows: 

• Create a Dedicated Private Cloud-Only Virtual Network: This solution can be used when we don’t require a hybrid configuration. When we create a virtual network, our virtual machines and services within it can communicate directly and securely with each other in the cloud. We can still configure endpoint connections for our services and virtual machines which requires internet communication. 
• Extend Our Data Center with Security: Site-to-site virtual private networks use IPSEC to provide us with a secure connection between our corporate virtual private network gateway and Azure. We can use this to securely scale our data center’s capacity. 
• Create Cross-Premises Scenarios: Virtual networks help us securely connect cloud-based applications to any on-premises system such as Unix systems and mainframes. It gives us the flexibility to support a range of hybrid or cross-premises solutions.

Subnets: Subnets help us get logical divisions within our network which help us increase performance, improve security and make it easier to manage the network. A virtual network can be segmented into one or more subnets. Each and every subnet contains a range of IP addresses that fall within the virtual network address space. This range should be unique within the address space and not overlap with other subnet address ranges. The address space should be specified using CIDR.

 

Elements of Azure Virtual Network

 

1. Subnets: Subnets can be used to split up a virtual network into smaller, simpler networks. It is possible to designate each subnet to a different security zone and control traffic between subnets using network security groups.
2. Network Security Groups: Network traffic between subnets or between virtual machines (VMs) inside a subnet is filtered using NSGs. The source or destination IP address, port number, or protocol can all be used to define rules in an NSG that allow or refuse communication.
3. Virtual Network Interface Cards: It will help our VMs to other resources via the internet. Each VM can have more than one NIC.
4. Virtual Private Network Gateway: Virtual Private Network Gateway (VPNG) technology can link on-premises resources to cloud resources.
5. Azure Application Gateway: You may manage and scale web applications using the load balancer for web traffic known as Azure Application Gateway. It offers SSL offloading, URL-based routing, cookie-based session affinity, and web application firewall (WAF) features.

Creating Virtual Networks

We can create new virtual networks at any time or add virtual networks whenever we create a VM. We have to define the address space and at least one subnet when creating the virtual network. 

By default, we can create up to 50 virtual networks per region in a subscription. We can also increase the limit up to 500 by contacting Microsoft Azure support.

 

Step-By-Step Demo of Creating Azure Virtual Machine And Virtual Network

 

Step 1: Navigate to your Azure portal.

 

 

Step 2: Click on the Create Resource option. You will be listed with different resources that can be deployed on Azure.

 

Step 3: Type in a virtual network in the search bar. Click on Create option.

 

Step 4: You will be prompted to fill in details about the virtual network we wish to create. 

Step 5: In the basics, tab fill in the required details

• Subscription: The subscription in which you wish to create the virtual network.
• Resource Group: Choose the resource group where you wish to create the virtual network. You can create a new resource by clicking on create a new option.
• Name: Enter the name of your virtual network.
• Region: Choose the region for your virtual network.

 

Step 6: Click on the Next: IP Addresses button. In the IP Addresses tab enter the following details

• IPv4 address space: Enter the IPV4 address range in CIDR notation (e.g. 192.208.9.0/32).
• Subnet: Create a subnet for your virtual network. There should be at least one subnet.

 

 

Step 7: Click on ‘Next ‘: Security tab and choose the security settings you wish for your virtual network.

 

 

Step 8: Click on the review + create option. Wait for all the validations to pass. 

 

Step 9: Click on create option to create your virtual network.

 

This is how we can create an Azure virtual network. It serves as the fundamental building block for our private network in Azure. The virtual network is similar to a traditional network that we operate in our data canters with additional benefits of cloud infrastructure like scalability, isolation, and availability. 

Azure IP addressing is critical in ensuring that all the resources are accessible. Private IP addresses are used to communicate between resources in Azure while public IP addresses are used to access Azure resources directly through the internet.  

 

Advantages of Using Azure Virtual Network

• You may build a secure, segregated network environment with Azure Virtual Network that only permits authorized access. To manage network traffic and stop illegal access, you can employ network security groups, firewall rules, and virtual private networks (VPNs).
• It is possible to link Azure Virtual Network with other Microsoft Azure services including the load balancer, autoscaling, azureVPN gateway, and application gateway.
• We may modify our network in accordance with our needs thanks to Azure Virtual Network. We can adjust our IP addresses, subnetting, and routing to meet the needs of our applications.
• We can create a multi-region network that is spanned across the multi-region. 
• You can scale your network resources up or down with Azure Virtual Network according to your business demands without experiencing any downtime.